Phishing

Click the banner for the site map of NoticeBored.com, the information security awareness service

General [anti-] phishing resources

The Anti-Phishing Work Group primarily supports organizations that are being used as lures for phishing attacks. The community includes people who are fighting phishers all the time - there’s an immense amount of experience to share with those who are new at all this.

Take a look at page 49 of the NCL ‘call for action’ report for an excellent big picture overview from Microsoft of how phishing and other forms of identity theft actually work.

Wikipedia’s entry on phishing lists a hundred reference sources for the full nine yards.

The Honey Stick Project is performing ‘research related to computer user actions that provide insights into security awareness, as well as other security issues affecting individuals and business organizations’ by planting USB sticks in public places. Instead of automatically running malware when some hapless security unaware victim pops the stick in a PC, these sticks evidently just ‘phone home’. Hopefully.

PhishMe is not a phishing site but an awareness initiative, helping organizations set up fake phishing emails to send to their own employees. Instead of directing victims to a fake banking site to steal their details, emails send them to a phishing awareness information page.

The Internet Crime Complaint Center (IC3) is backed by the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA). IC3 accepts online Internet crime complaints directly from either the person who believes they were defrauded or from a third party.

Bank Safe Online is a public awareness initiative backed by the UK banking industry. Read their consumer guides on phishing and money mules. OnGuardOnline is a similar initiative backed by the US Government, guiding consumers on how to avoid phishing, including 3 free security awareness videos (one / two / three). (Also available in Spanish). eBay has a tutorial on spotting scams and spoofs.

Free anti-phishing browser toolbars include CallingID, SiteAdvisor (free version has limited functionality), TrustWatch, Netcraft,

Payment News, a newsletter-style website for the financial services industry, has a section dedicated to phishing news.

Content Verification Certificates can be used to certify the integrity and authenticity of websites, giving confidence to consumers that they are not interacting with fake phishing sites. Identity Cues uses visual reminders linked to user’s login details for the same purpose.

Phishtank is a clearing house for information on phishing sites reported by the public.

Fraud Watch International is an Australian anti-fraud initiative.

Find out how phishers can obscure phishing website addresses using decimal or hexadecimal URLs, @ symbols and other tricks.

The US Financial Services Technology Consortium has information on the Anti-Phishing Consumer Protection Act of 2008.

WARNING: Internet pirates are trying to steal your personal financial information is a tri-fold leaflet on phishing from the US Treasury Department.

Symantec’s Phish Report Network is a anti-fraud community whose members (both organizations and individuals) submit spoofed/fraudulent Web sites for alerting/blocking by browser toolbars, web mail services, anti-spam and similar products. Law enforcement representatives also participate, allowing members to report fraud sites for criminal investigation at the same time.

General [anti-] phishing resources

Related NoticeBored links collections